authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2014-07-11 00:26:22 +0400
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2014-07-11 00:26:22 +0400
commit6bc32fe4fd157f2e84c12e7846feeac190fb8499 (patch)
treeb3bd041f7e6e2165dab14d35736f2237b9b8a373 /app
parent7a914e5a8fb5af088afe598d1ceb38d145280700 (diff)
parent60cc1d8e92ad7d2be9f452cbbce8b583bc87056f (diff)
Merge branch 'upgrade_devise' into 'master'
Upgrade devise from 3.0.4 to 3.2.4. See merge request !960
Diffstat (limited to 'app')
-rw-r--r--app/controllers/application_controller.rb23
-rw-r--r--app/controllers/registrations_controller.rb4
-rw-r--r--app/models/concerns/token_authenticatable.rb31
-rw-r--r--app/models/user.rb3
-rw-r--r--app/views/devise/mailer/confirmation_instructions.html.erb2
-rw-r--r--app/views/devise/mailer/reset_password_instructions.html.erb2
-rw-r--r--app/views/devise/mailer/unlock_instructions.html.erb2
7 files changed, 61 insertions, 6 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d58890fa33b..1feeb601d36 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,6 +1,7 @@
require 'gon'
class ApplicationController < ActionController::Base
+ before_filter :authenticate_user_from_token!
before_filter :authenticate_user!
before_filter :reject_blocked!
before_filter :check_password_expiration
@@ -28,6 +29,25 @@ class ApplicationController < ActionController::Base
protected
+ # From https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example
+ # https://gist.github.com/josevalim/fb706b1e933ef01e4fb6
+ def authenticate_user_from_token!
+ user_token = if params[:authenticity_token].presence
+ params[:authenticity_token].presence
+ elsif params[:private_token].presence
+ params[:private_token].presence
+ end
+ user = user_token && User.find_by_authentication_token(user_token.to_s)
+
+ if user
+ # Notice we are passing store false, so the user is not
+ # actually stored in the session and a token is needed
+ # for every request. If you want the token to work as a
+ # sign in token, you can simply remove store: false.
+ sign_in user, store: false
+ end
+ end
+
def log_exception(exception)
application_trace = ActionDispatch::ExceptionWrapper.new(env, exception).application_trace
application_trace.map!{ |t| " #{t}\n" }
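Review bot: `params[:authenticity_token]` is the parameter name Rails itself uses for the CSRF token, so every ordinary form submission will reach `User.find_by_authentication_token` with the CSRF token as the lookup key; that is a needless query on each POST and an easy source of confusion, and the private token is the only value this filter should read, e.g. `user_token = params[:private_token].presence` (which also drops the duplicated `.presence` calls). Because the filter registered in the first hunk runs before `authenticate_user!` on every controller, not only the API, a private token supplied in a query string likely signs the user in for any page and ends up in request and proxy logs; consider accepting it from a header or restricting the filter to the API controllers. The comment above the method only cites the source; a line stating the intent would help: `# Per-request sign-in (no session) when a valid private token is supplied.`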
@@ -226,8 +246,7 @@ class ApplicationController < ActionController::Base
end
def configure_permitted_parameters
- devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) }
- devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :name, :password, :password_confirmation) }
+ devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) }
end
def hexdigest(string)
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 8dd1642c1d9..9e70978992f 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -28,4 +28,8 @@ class RegistrationsController < Devise::RegistrationsController
def signup_enabled?
redirect_to new_user_session_path unless Gitlab.config.gitlab.signup_enabled
end
+
+ def sign_up_params
+ params.require(:user).permit(:username, :email, :name, :password, :password_confirmation)
+ end
end
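Review bot: `sign_up_params` is undocumented and its relationship to the `:sign_up` sanitizer removed from `ApplicationController#configure_permitted_parameters` is not visible here; add `# Overrides Devise::RegistrationsController#sign_up_params; replaces the :sign_up sanitizer formerly in ApplicationController.` above the method. Whether it sits under a `private` marker depends on lines above the hunk, outside this view; Devise calls it internally, so it should not be exposed as a public action.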
diff --git a/app/models/concerns/token_authenticatable.rb b/app/models/concerns/token_authenticatable.rb
new file mode 100644
index 00000000000..9b88ec1cc38
--- /dev/null
+++ b/app/models/concerns/token_authenticatable.rb
@@ -0,0 +1,31 @@
+module TokenAuthenticatable
+ extend ActiveSupport::Concern
+
+ module ClassMethods
+ def find_by_authentication_token(authentication_token = nil)
+ if authentication_token
+ where(authentication_token: authentication_token).first
+ end
+ end
+ end
+
+ def ensure_authentication_token
+ if authentication_token.blank?
+ self.authentication_token = generate_authentication_token
+ end
+ end
+
+ def reset_authentication_token!
+ self.authentication_token = generate_authentication_token
+ save
+ end
+
+ private
+
+ def generate_authentication_token
+ loop do
+ token = Devise.friendly_token
+ break token unless self.class.unscoped.where(authentication_token: token).first
+ end
+ end
+end
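Review bot: `reset_authentication_token!` returns the result of `save`, so a validation failure leaves the rotated token unsaved while the bang name suggests it cannot fail quietly; use `save!`, or document that callers must check the boolean. `ensure_authentication_token` only assigns the attribute, and neither this file nor the `include TokenAuthenticatable` hunk in app/models/user.rb registers it as a save callback, so unless User wires it up elsewhere a newly created user will have no token now that `:token_authenticatable` is dropped from the devise list — worth confirming. The module also deserves a header comment, e.g. `# Per-user API token support replacing Devise's :token_authenticatable; the token is stored as generated and looked up by exact equality.`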
diff --git a/app/models/user.rb b/app/models/user.rb
index 6d7350881df..19104336598 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -52,6 +52,7 @@ require 'file_size_validator'
class User < ActiveRecord::Base
include Gitlab::ConfigHelper
extend Gitlab::ConfigHelper
+ include TokenAuthenticatable
default_value_for :admin, false
default_value_for :can_create_group, gitlab_config.default_can_create_group
@@ -60,7 +61,7 @@ class User < ActiveRecord::Base
default_value_for :projects_limit, gitlab_config.default_projects_limit
default_value_for :theme_id, gitlab_config.default_theme
- devise :database_authenticatable, :token_authenticatable, :lockable, :async,
+ devise :database_authenticatable, :lockable, :async,
:recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable
attr_accessor :force_random_password
diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb
index 553d08369e9..cb1291cf3bf 100644
--- a/app/views/devise/mailer/confirmation_instructions.html.erb
+++ b/app/views/devise/mailer/confirmation_instructions.html.erb
@@ -6,4 +6,4 @@
<p>You can confirm your account through the link below:</p>
<% end %>
-<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @resource.confirmation_token) %></p>
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>
diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb
index e1144e943b4..7913e88beb6 100644
--- a/app/views/devise/mailer/reset_password_instructions.html.erb
+++ b/app/views/devise/mailer/reset_password_instructions.html.erb
@@ -2,7 +2,7 @@
<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
-<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @resource.reset_password_token) %></p>
+<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>
<p>If you didn't request this, please ignore this email.</p>
<p>Your password won't change until you access the link above and create a new one.</p>
diff --git a/app/views/devise/mailer/unlock_instructions.html.erb b/app/views/devise/mailer/unlock_instructions.html.erb
index 0429883f05b..8c2a4f0c2d9 100644
--- a/app/views/devise/mailer/unlock_instructions.html.erb
+++ b/app/views/devise/mailer/unlock_instructions.html.erb
@@ -4,4 +4,4 @@
<p>Click the link below to unlock your account:</p>
-<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @resource.unlock_token) %></p>
+<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %></p>